Public keys have the word "public" in their name because it is safe for them to be... public. In fact you should make them available on a web page or something. The more well-known your key, the harder it is to be co-opted.
As for security against things like bad Python. You cannot control the client software. Such security must be server-side. Which has been said for a long time now. Should be an exciting project for all the budding security folk wanting to prove themselves.
Trust - Split from: MOSS Test Shards
Re: Trust - Split from: MOSS Test Shards
At some point the logic (as in how to) of server side security is going to be looked at.
MustardJeep has brought up a problem in the Clustering thread. If multiple private servers are to form a net, the requirement that they must use the same private key destroys the idea of security. The more people that know a secret, the less likely it will remain secret. Plus, if shard operators joining a network can get the key through some process, that process becomes a new security management process.
Real security needs to exist at login, whether it is a player logging in or an age server signing into the network. A token passing system could be used for the networked servers that removes the need for them to have what might be considered the shard's primary key. Whatever is figured out, things will need to change.
MustardJeep has brought up a problem in the Clustering thread. If multiple private servers are to form a net, the requirement that they must use the same private key destroys the idea of security. The more people that know a secret, the less likely it will remain secret. Plus, if shard operators joining a network can get the key through some process, that process becomes a new security management process.
Real security needs to exist at login, whether it is a player logging in or an age server signing into the network. A token passing system could be used for the networked servers that removes the need for them to have what might be considered the shard's primary key. Whatever is figured out, things will need to change.
Nalates
GoW, GoMa and GoA apprentice - Guildmaster GoC - SL = Nalates Urriah
GoW, GoMa and GoA apprentice - Guildmaster GoC - SL = Nalates Urriah
Re: Trust - Split from: MOSS Test Shards
Actually, I brought that up.
We are all awaiting your proposal. I do suggest you be willing to change it after feedback, when you bring it to the table.
- a'moaca'
We are all awaiting your proposal. I do suggest you be willing to change it after feedback, when you bring it to the table.
- a'moaca'